downloadapi.dll

DownloadAPI

Goobzo LTD

This file is part of Goobzo YTDownloader, a browser extension for downloading videos. However, the file will attempt to modify the user's browser, including resetting the home and search pages, and will inject various forms of unwanted advertising into the browser. The module downloadapi.dll by Goobzo has been detected as adware by 21 anti-malware scanners.
Publisher:
YTDownloader  (signed by Goobzo LTD)

Product:
DownloadAPI

Version:
3.3.7.5

MD5:
bcd661a707f70360e4fa699c8b375ae6

SHA-1:
d8ae356aa09d226a2e04ce4137c73680acfc4439

SHA-256:
452a722b0b7d4151bdd89a66d4a12f002d638b4d03942e1f469a09bf43dc13e3

Scanner detections:
21 / 68

Status:
Adware

Analysis date:
4/24/2024 8:25:12 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| AhnLab V3 Security | Win-PUP/CrossRider | 2015.01.31 |
| avast! | Win32:Adware-CDO [PUP] | 2014.9-150131 |
| AVG | Skodna | 2016.0.3213 |
| Baidu Antivirus | Adware.Win32.Shopper | 4.0.3.15131 |
| Bkav FE | W32.HfsAdware | 1.3.0.6379 |
| ESET NOD32 | Win32/SBWatchman (variant) | 9.11097 |
| Fortinet FortiGate | Adware/Shopper | 1/31/2015 |
| G Data | Win32.Application.Agent.GDS1NQ | 15.1.24 |
| IKARUS anti.virus | AdWare.Shopper | t3scan.1.8.6.0 |
| K7 AntiVirus | Unwanted-Program | 13.193.14811 |
| Kaspersky | not-a-virus:AdWare.Win32.Shopper | 14.0.0.2558 |
| McAfee | Artemis!F90E1965F014 | 5600.6869 |
| nProtect | Trojan-Clicker/W32.Shopper.2340712 | 15.01.30.01 |
| Panda Antivirus | Adware/Goobzo | 15.01.31.07 |
| Qihoo 360 Security | HEUR/QVM30.1.Malware.Gen | 1.0.0.1015 |
| Reason Heuristics | PUP.Goobzo | 15.1.31.7 |
| Sophos | Goobzo | 4.98 |
| Trend Micro House Call | Suspicious_GEN.F47V0116 | 7.2.31 |
| Vba32 AntiVirus | AdWare.Shopper | 3.12.26.3 |
| VIPRE Antivirus | Goobzo | 37100 |
| Zillya! Antivirus | Adware.Shopper.Win32.399 | 2.0.0.2049 |

File size:
2.2 MB (2,340,712 bytes)

Product version:
3.3.7.5

Copyright:
Copyright © 1999-2013 SPEEDbit Ltd.

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\Program Files\ytdownloader\downloadapi.dll

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
5/2/2013 1:00:00 AM

Valid to:
5/3/2015 12:59:59 AM

Subject:
CN=Goobzo LTD, O=Goobzo LTD, L=Haifa, S=Israel, C=IL

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
120B25DDE57B88636AD4D97D23B99C88

File PE Metadata
Compilation timestamp:
1/30/2015 10:53:16 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
24576:HyFxsdh1gpNTQvlKLFoTm5RyXIAibvvrnaa+dVk9qy+yP7ms75sPwscnSgqZl:ExsX1wTsMNAfCvP7P75s4HSgil

Entry address:
0x159D2F

Entry point:
8B, FF, 55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, C4, F7, 00, 00, FF, 75, 08, 8B, 4D, 10, 8B, 55, 0C, E8, EC, FE, FF, FF, 59, 5D, C2, 0C, 00, 8B, FF, 56, E8, A6, 3A, 00, 00, 59, 83, F8, 05, 72, 69, 8A, 06, 3C, 5C, 74, 04, 3C, 2F, 75, 5F, 8A, 46, 01, 3C, 5C, 74, 04, 3C, 2F, 75, 54, 8A, 46, 02, 3C, 5C, 74, 4D, 3C, 2F, 74, 49, 8D, 46, 03, 8A, 08, 32, D2, 3A, CA, 74, 3E, 80, F9, 5C, 74, 0C, 80, F9, 2F, 74, 07, 40, 8A, 08, 3A, CA, 75, EF, 38, 10, 74, 29, 40, 38, 10, 74, 24, 8A, 08, 3A, CA, 74, 1A, 80, F9, 5C, 74...

Entropy:
6.7124

Code size:
1.6 MB (1,694,720 bytes)
